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rSUBSTITUTE SPECIFICATION] 

A PORTABLE KEYING DEVICE AND METHOD 
Background of the Invention 

1. Field of the Invention 

The present invention relates generally to transaction terminals, and particularly 
to the installation of security keys In transaction terminals. 

2. Technical Background 

Electronic terminals such as point-of-sale (POS) terminals are becoming 
ubiquitous in our society. These terminals include credit, debit, and check 
authorization capabilities. Some of these devices are used as stand-alone devices and 
some are networked using LAN technology. Because of the sensitive financial 
information being transmitted and received by these electronic terminals, security is a 
critical issue. In order to provide security, electronic terminals employ data 
encryption. Encryption devices scramble readable data to produce cipher text. Most of 
the terminals use an encryption key as part of the encryption process. An encryption 
key is a block of data that is combined with the readable input data to produce the 
cipher text. For example, the encryption key and the input data can be combined using 
an exclusive-OR fiinction. On the other hand, the Data Encryption Standard (DES) 
algorithm is often used to combine an encryption key with input data to produce the 
cipher text. The DES algorithm employs a 56-bit encryption key to produce the cipher 
text. The use of an encryption key is considered to be more secure than scrambling the 
input data. 

Another security issue relates to tamper protection. Typically, all secure 
informaticm such as encryption keys are stored in SRAM or PROM. In one approach, 
if the proc essor detects a downloading operation that may result in security information 
being compromised, the processor deletes the security information. 

In .another approach, tamper detection switches are employed to prevent 
physical tax npering of the terminal. If the top enclosure of the terminal is separated 
from the mai n printed circuit board, or if the "trap door" is opened in the bottom of the 
enclosure, the detection switches are thrown. The operating system of the terminal is 
programmed to erase the security information in response to the signals received from 
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the switches. In another approach, ultrasonic bonding is often used to provide evidence 
that someone attempted to open the terminal device. 

While the above described methods are effective in terms of preventing or 
monitoring tampenng, there are problems associated with these methods. Under 

5 certain circumstances the security information loaded into the electronic terminal must 
be changed or updated. Oftentimes it is c.:;sirable to change the security information 
loaded into the electronic terminal at the factory before the first use. At this point, the 
terminal must be shipped to the factory or to a servicing organization to be re- 
program.med. Subsequently, the tenninal is unboxed, the anti-tampering features are 

10 de-activated, the security infonnation is reloaded, the terminal re-bonded and the 
terminal is repackaged. These steps are inefficient, time consuming and costly. 

What is needed is a method of securely reprogramming the security information 
in an electronic terminal without having to remove the terminal from its shipping 
container, dismantle the terminal, de-activate the r>>nti-tampsring features, reload the 

15 security information, and re-bond the terminal. Fuxiher, wr.at is needed is a method of 
securely reprogramming che security information in an electronic terminal without 
having to ship the tenninal off-site. 

SUMr/IARY OF THE INVENTION 

The present invention addresses the needs discussed above. The present 
20 invention provides a system and mxthod for securely reprogramming the secarity 

information in an electronic terminal without having to ship the terminal off-site. The 
present invention provides a system and method for securely reprogramming the 
security information in an electronic terminal without having to remove the terminal 
from its shipping container, dismantle the terminal, de-activate the Lnti-tampering 
25 features, reload the security information, and re-bond the terminal. 

One aspect of the present invention is a portable keying device for installing a 
data communications encryption key in at least one electronic terminal. The electronic 
terminal includes a secure encryption key memory location for storing at least or'^ data 
communications encryption key. The device includes a memory device for storii , the 
30 at least one data communications encryption key. A communications unit is cou .eJ to 
the memory device, the communications unit being operative to transmit the at Ic^st 
one data communications encryption key in a predetermined format to the electronic 
terminal. 
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In another aspect, the present invention includes a method for installing a data 
communications encryption key in an electronic terminal. The electronic terminal 
including a secure encryption key memory location jor stoiing the at least one data 
communications encryption key. The method induces: "roviding a portable keying 

5 device, whereby the portable keying device i£ phycically separated iroi-i the electronic 
terminal; performing a handshaking routine, vvaereby thf; keying device ana the 
electronic terrranal exchange handshaking messages; "rai.sinitdng an en-^ryption key 
from the portable keying device to the electronic terminal, and storing the encryption 
key iTansmitted from the portable keying device to the electronic terminal in the secure 

10 key memory location. 

In yet another aspect, the present invention includes a portable key installation 
system for installing a data communications encr ption key. The system includes at 
least one electronic terminal ha/ing a secure encryption key memory adapted to store 
the at least one data communications encr^/ption l:ey, and a tenninal communications 

15 unit coupled to the secure encryption key memory. A portable keying device includes 
a memory adapted tc store the at least one data -communications encryp'.ion I'ey, and a 
device communications unit coupled to the memory device, the device communications 
unit being adapted to bi-directionally comm.unicate the at least one dr'ta 
communications encryption key in a predetermined fonrat to the tenninai 

20 communications unit. 

Additional features and advantages of the invention will b? set forth in the 
detailed description which follows, and in part will be readily apparent to those skilled 
in the art from that descr'ption or recognized by practicing the invention as described 
herein, including the detailed description which follows, ths claims, as v/el! as the 

25 appended drawings. 

It is to be understood that both the foregoing general description and the 
following detailed description are merely exemplary of the invention, and are intended 
to provide an overview or framework for understanding the nature and character of the 
invention as it is claimed. The accompanying drawings are included to provide a 

30 further understanding of the invention, and are incorpora- cd in and CDnstitute a part of 
this specification. The drawings illustrate various embodim^.nts of the invention, and 
together with the description serve to explain the principles and operation of the 
invention. 



Brief Description of the Drawings 

Figure 1 is a diagrammatic depiction of a portable key installation system in 
accordance with one embodiment of the present invention; 

Figure 2 is a perspective view of a portable key installation system depicted in 
Figure 1; 

Figure 3 is a chart showing a method for installing a security key in an 
electronic terminal using a portable device; 

Figure 4 is a chart showing z method for installing security keys in a plurality 
of electronic terminals using the portable device; 

Figures 5A and 5B are a diagrammatic depictions of an electronic terminal in 
accordance with a second em.bodiment cf the present invention; 

Figure 5 is a diagrammatic depiction of an electronic tenninai in accordance 
with a third embodiment of the present invention; and 

Figure 7 is a diagrammatic depiction of an electronic terminal ir accordance 
with a fourth embodiment of the present invention. 

Detailed Description 

Reference will now be made in detail to the present exemplary embodim_ents of 
the invention, examples of which are illustrated in the accompanying drawings. 
Wherever possible, the same reference numbers will be used throughout the drawings 
to refer to the same or like parts. An exemplary embodiment of the portable key 
installation syster-. of the present invention is shown in Figure 1, and is designated 
generally throughout by reference numeral 10. 

In accordance with the invention, -he present invention for a portable key 
installation system, includes a portable keying device for installing a data 
communications encryption key in an electronic terminal. The electronic terminal 
including a secure encryption key memory location for storing the at least one data 
communications encryption key. The portable keying device includes a mem.ory for 
storing the at least one data communications encryption key. A processor that is 
operative to generate a secure installation message, the secure installation message 
including the at least one data communications encryption key. A com.munications unit 
is coupled to the processor. The communications unit is operative to transmii the 
installation message in a predetermined formal to the electronic terrnmal. 
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Thus, the present invention provides a system and method for securely reprcgraniming 
the security information in an electronic terminal without having to ship the electronic 
terminal off-site. The present invention provides a system and method for securely 
reprogramming the security information in an electronic terminal without having tc 
5 remove the electronic terminal from its shipping container, dismantle the terminal, de- 
activate the anti- tampering features, reload the security information, and re-bcnd the 
termiral. 

As embodied herein, and depicted in Figure 1 a diagrammatic depiction cf a 
portable key installation system in accordance with one embodiment of the present 
10 invention is disclosed. System 10 includes portable keying device IOC and eb':tronic 
terminal 200. 

Portable keying device 100 includes I/O circuit 12, processor 14, 1 AM 16, 
EROM 18, key memory 20 and RF controller 22 coupled by way of system bus 28. RF 
controller 22 is connected to RF transceiver 24. RF transceiver 24 is conne-^ted to 

15 antenna 26. In one embodiment, I/O circuit 12 is coupled to a keypad which is used to 
input the encryption key. In yet another embodiment, an initial key download is 
performed via the keypad or the external device. Subsequently, processor 14 uses the 
initial key to generate encryption keys for a plurality of devices by rinning a secure 
key generation algorithm. 

20 It will be apparent to those of ordinary skill in the pertinent art that 

modifications and variations can be made to processor 14 of the present invention 
deperiding on cost and programming considerations. For exampl-^, in one embodiment 
processor 14 is implemented using an 8-bit "programmable system-on-a-chip" device, 
of the type manufactured by Cypress Semiconductor. One of ordinary skill in the art 

25 will recognize that 16-bit and 32-bit devices can also be used, in addition to other S-bit 
devices. 

It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to EROM 18 and key memory 20 of tne 
present invention depending on cost, security, and re-programmabTity considerations. 
30 In one embodiment key memory 20 is actually a memory location within EROM iS. 
For exam.ple, in the 8-bit micro-controller embodiment, EROM 1 8 and key merr.ory 20 
are implemented using 321.bytes of embedded ROM. Ram 16 is implemented using 
1 kbyte of embedded RAM. In another erabDdiment, key memory 20 is implemented 
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using a separate memory device. In general key memory 20 's implemented using non- 
volatile memory such as E^PROM, Flash EPROM, battery-backed RAM, or Ferro 
RAM (FR/.M). Re-programmability is an issue in the keying device because the 
device is re-usable to reprogram any number of terminals 200. 

5 It will be apparent to those of ordinary skill in the pertinent art that 

modifications and variations can be made to RF controller 216, RF transceiver 218, and 
antenna 220 of the present invention depending on cost and implementation 
considerations. For example, in Figure 1 and Figure 2, a low power/close proximity 
RF system, is depicted. In this embodiment, transceiver 24 outputs approximaisiy 1 

10 mill i- Watt and has an effective range of about 1 meter of less. In another embodiment, 
the RF components are replaced altogether by an infrared optical communications 
system. In yet another embodiment, the RF components are replaced by an aud 
communications system that employs DTMF technology. 

Referring back to Figure 1, any type of electronic terminal 200 can b 

15 employed in system 10 of the present invention. In one embodiment, electnic 

terminal 200 is a simple hard-wir-jd terminal. In other embodiments, terrrial 200 is a 
keypad, signature pad, card reader, bar code reader, or a POS retail transition ^ . 
terminal. In yet another embodiment, electronic terminal 200 is a stanoalon; ^^ unit. In 
an alternate embodiment, electronic terminal 200 is networked to a LN. in the 

20 example depicted in Figure 1, electronic terminal 200 includes I/O ci^u, ^it 202, 

processor 204, RAM 206, EROM 208, key memory 214 and RF conf/^yller 216 coupled 
by way of system bus 222. In this example, tenninal 200 includes innaging assembly 
208 for image scanning purposes. Image assembly 208 is controlled ' by processor 204. 
Imaging data generated by image assembly 208 Is written into R/J/^ I 206 by way of 

25 DMA channel 210. RF controller 216 is connected to RF transceiver 218. RF 
transceiver 2 1 8 is connected to antenna 220. r 

In another embodiment, processor 204 includes a general p urpcse processor anc" 
an additional processor to handle secure information including thf i encryption key. In 
this embodiment, the additional processor is programmed to har(,idle I/O functions 

30 involving a keypad and display. Key memory 214 is embeddet'd in the secunty 
processor. 

It will be apparent to those of ordinary skili in the pertunent art that 
modifications and variations can be made to key memory 21^t of the present invention 
depending on cost, security, and re-programm.ability conside -rations. In one 



device 100 t.-ans.nits an authorization code to electronic terminal 200. The transmitted 
authorization code must match the authorization code stored in EROM 212 of terminal 
200. If the authorization codes match, portable device 100 transmits an installation 
message in step S304. The installation message includes the encryption key to be 
installed. Li step S306, terminal 200 retransmits the encryption key to portable device 
100. Portable device 100 validates the key by comparing the key that it received from 
terminal 200 in step S306 with the key it sent to terminal 200 in step S304. If the two 
keys do not match, portable device 100 performs step S304 * er again. As shown in 
steps S308 - S3 14, device :00 displays error message to Uie u^er after several 
unsuccessful attempts, indicating that a successful transfer of the icey could not be 
performed. If the key is validated in step S3 06, processor 204 writes the encryption 
key into secure key memory 214 in step S3 16. 

In an alternate embodiment, step S306 includes additional steps. Portable 
device 100 transmits a test encryption key that it believes is cuixently being stoied in 
key memory 214. If the test encryption key matches the current encryption key, 
terminal 200 transmits an acknowledgment signal. If the keys do not match, the 
installation procedure is aborted. Upon receiving the acknowledgm-^nt signal, portable 
device 100 transmiits the new encryption key to terminal 200. !f the new key is 
validated in step S306, processor 204 writes the encryption key into secure key 
memory 214, and the procedure is complete. 

As embodied herein and depicted in Figure 4, a chart showing a method for 
installing security keys in a plurality of electronic terminals is disclosed, /.s shown in 
step S400, an initial key is downloaded into memory 16 of portable keying device 100. 
This step can be performed using keypad 120, or performed electronically using an 
external computer, or some other such device. Processor 14 uses the initial key to 
generate encryption keys for a plurality of devices by running a secure key generation 
algorithm. In step S402, the algorithm is used to generate; one enciyptlc" key. I"-- step 
S 404, the method depicted in Figure 3 is employed to install the en-:ryption key in Lie 
first terminal. If there are additional terminals to be programme ed, steps S402 - C406 
are repeated until encryption keys are installed in ail of the terminals 200. 

As embodied herein, and depicted in Figure 5A, a diagrammatic depiction of 
electronic terminal 200 in accordance with a second embodiment of the presen!; 
invention is disclosed. In this embodiment, key memor-' 214 requires an ex'.emal 
programming voltage. As described above, tenr.inai 200 includes processor 20^, key 
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memory 214, transceiver 2 1 8 and antenna 220. In this example it is assumed that 
terminal 200 is boxed in a shipping container of some sort. Thus, tenninal 200 is not 
connected to any external power supply. However, terminal 20C includes diode 240, 
normal operating voltage supply 259 and programming voltage supply 260. Normal 

5 operating voltage supply 250 includes c£ -acitor 252, capacitor 254, and voltage 
regulator 256. Programming operating voltage supply 2o0 includes capacitor 262, 
capacitor 264, and voltage regulator 266. When portable device 100 transmits an RF 
signal to te.rminal 200, diode 240 rectifies tho AC-RF signal and prevent any return 
signal from damaging the RF com.ponents. The resultant DC signal is used to charge 

10 up capacitors 252, 254, 262 and 264. Voltage regulator 256 ensures that the power 
supplied to terminal 200 is within system operating parameters. Voltage regulator 266 
ensures that memory 214 receives an acceptable programming voltage. In response to 
the normal operating voltage supplied by supply 250, terminal 200 is energized and 
ready for key installation. At the proper time, e.g. during step S308 (Sse Figure 3), 

15 processor 204 activates switch 262 and supply 260 provides memory 214 with the 

programming voltage required to store the new encryption key therein. Figure 5B is an 
alternative embodiment of Figure 5 A. In the alternative embodiment, switch 262 is 
connected to the output of normal operating voltage supply 250 instead of being 
connected to the input of key memory 214 as in Figure 5 A. Functionally, there is very 

20 little difference between the two alternative embodiments. 

As embodied herein, and depicted in Figure 6, a diagrammatic depiction of an 
electronic terminal in accordance with a third embodiment of the present invention is 
disclosed. In this embodiment, battery 242 is included within terminal 200 to provide a 
normal operating voltage. Diode 240 is included to rectify the RF signal and prevent 

25 any return signals from damaging the RF components. Programming operating voltage 
supply 250 is included to provide programming voltage to key memory 214. 
Programming operating voltage supply 250 includes capacitor 254, capacitor 253, ana 
voltage regulator 258. When portable device 100 transmits an RF signal to terminal 
200, diode 240 rectifies the AC-RF signal. The resultant DC signal is UL^d to charge 

30 up capacitors 254 and 256. Again, at the t/rcper time, e.g. during step S308 (See 
Figure 3), processor 204 activates switch 252 and s ipply 250 provides memory 214 
with the programming voltage requi ed to store the new =^ncryption key therein. 
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As embodied herein, and depicted in Figure 7, a diagrammatic depiction of an 
electronic terminal in accordance with a fourth smbodiment of the present invention is 
disclosed. In this embodiment, the required programming voltage is supplied 
internally. Battery 240 is included within terminal 200 to provide both the normal 

5 operating voltage and the programming voltage. In this embodiment battery 240 is 
coupled to programming voltage supply 250. Programming vohage supply 250 is 
identical to those depicted in Figure 5A, Figure 5B and Figure 6. Since battery 240 
supplies DC voltage to capacitors 254 and 256, no rectifying diode is needed. Yet 
again, at the proper time, e.g. during step S308 (See Figure 3), processor 204 activates 

1 0 switch 252 and programming supply 25 0 provides memory 2 1 4 with the programming 
voltage required to store the new encryption key therein 

It v/ill be apparent to those skilled in the art that various m.odifications and 
variations can be made to the present invention without departing from the spirit and 
scope of the invention. Thus, it is intended that the present invention cover the 

1 5 modifications and variations of this invendon provided they come within the scope of 
the appended claims and their equivalents. 
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[MARKED UP VERSION OF THE SPECIFICATION] 

A PORTABLE KEYING DEVICE AND METHOD 
Background of the Invention 
1. Field of the Invention 

The present invention relates generally to transaction terminals, and particularly 
to the installation of security keys in transaction terminals. 

5 2. Technical Background 

Electronic terminals such as point-of-sale (PCS) terminals are becoming 
ubiquitous in our society. These terminals include credit, debit, and check 
authorization capabilities. Some of these devices are used as stand-alone devices and 
some are networked using LAN technology. Because of the sensitive financial 

] 0 information being transmitted and received by these electronic terminals, security is a 
critical issue. In order to provide security, electronic terminals employ data 
encryption. Encryption devices scramble readable data to produce cipher text. Most of 
the terminals use an encryption key as part of the encryption process. An encryption 
key is a block of data that is combined with the readable input data to produce the 

15 cipher text. For example, the encryption key and the input data can be combined using 
an exclusive-OR fiinction. On the other hand, the Data Encryption Standard (DES) 
algorithm is often used to com.bine an encryption key v/ith input data to produce the 
cipher text. The DES algorithm employs a 56-bit encryption key to produce the cipher 
text. The use of an encryption key is considered to be more secure than scrambling the 

20 input data. 

Another security issue relates to tamper protection. Typically, all secure 
information such as encryption keys are stored in SRAM or PROM. In one approach, 
if the processor detects a downloading operation that may result in security information 
being compromised, the processor deletes the security information. 
25 In another approach, tamper detection switches are employed to prevent 

physical tampering of the terminal. If the top enclosure of the terminal is separated 
from the main printed circuit board, or if the "trap door" is opened in the bottom of the 
enclosure, the detection switches are thrown. The operating system of the terminal is 
programmed to erase the security information in response to the signals received from 
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the switches. In another approach, ultrasonic bonding is often used to provide evidence 
that someone attempted to open the terminal device. 

While the above described methods are effective in terms of preventing or 
monitoring tampering, there are problems associated with these methods. Under 
certain circumstances the security information loaded into the electronic terminal must 
be changed or updated. Oftentimes it is desirable to change the security information 
loaded into the electronic terminal at the factory before the first use. At this point, the 
terminal must be shipped to the factory or to a ser/icing organization to be re- 
programmed. Subsequently, the terminal is unboxed, the anti-tampering features are 
de-activated, the security information is reloaded, the tenninal re-bonded and ths 
tei-minal is repackaged. These steps are inefficient, time consuming and costly. 

What is needed is a method of securely reprogramming the securiti^ information 
in an electronic terminal without having to remove the terminal from its shipping 
container, dismantle the terminal, de-activate the anti-tampering features, reload the 
security information, and re-bond the terminal. Further, what is needed is a method of 
securely reprogramming the security information in an electronic terminal without 
having to ship the terminal off-site. 

Summary of the Invention 
The present invention addresses the needs discussed above. The present 
invention provides a system and method for securely reprogramming the securit)^ 
information in an electronic terminal without having to ship the terminal off-site. The 
present invention provides a system and method for securely reprogramming the 
security information in an electronic terminal without having to remove the terminal 
from its shipping container, dismantle the terminal, de-activate the anti-tampering 
features, reload the security information, and -e-bond the terminal. 

One aspect of the present invention is a paitable keving device for installing a 
data communications encryption kev in at least one electronic terminal. The electronic 
terminal includes a secure encryption key memory location for storing at least one data 
communications encryption key. The device includes a memory device for storing the 
at least one data communications encryption kev. A communications unit is coupled to 
the memory device, the communications unit being operative to transmit the at least 
one data communications encryption key in a predetermined format to the elecfronic 
terminal. 
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In another aspect, the present invention includes a method for installing a data 
communications encryption key in an electronic terminal. The electronic terminal 
including a secure encryption key memory location for storing the at least one data 
communications encryption key. The method includes: providing a portable keying 
5 device, whereby the portable keying device is physically separated from the electronic 
termirxal; performing a handshaking routine, whereby the keying device and the 
electronic terminal exchange handshaking messages; transmitting an encryption key 
from the portable keying device to the electronic terminal; and storing the encryption 
key transmitted from the portable keying device to the electronic terminal in the secure 
10 key memory location. 

In yet another aspect, the present invention includes a portable key installation 
system for installing a data communications encryption key. Ths system includes at 
least one electronic terminal having a secure encryption key memory adapted to store 
the at least one data communications encr>T5tion key, and a terminal communications 
15 unit coupled to the secure encryption key memory. A portable keying device includes 
a memory adapted to store the at least one data communications encryption key, and a 
device communications unit coupled to the memory device, the device communications 
unit being adapted to bi-directionally communicate the at least one d^ta. 
communications encryption key in a predetermined format to the tsrminai 
20 communications unit. 

Additional features and advantages of the invention will be set forth in the 
detailed description which follows, and in part will be readily apparent to those skilled 
in the art from that description or recognized by practicing the invention as described 
herein, including the detailed description which follows, the claims, as well as the 
25 appended drawings. 

It is to be understood that both the foregoing general description and the 
following detailed description are merely exemplary of the invention, and are intended 
to provide an overview or framework for understanding the nature and character of the 
invention as it is claimed. The accompanying drawings are included to provide a 
30 farther understanding of the invention, and are incorporated in and constitute a part of 
this specification. The drawings illustrate various embodiments of the invention, and 
together with the description serve to explain the principles and operation of the 
invention. 



Brief Description of the Drawings 

Figure 1 is a diagrammatic depiction of a portable key installation system in 
accordance with one embodiment of the present invention; 

Figure 2 is a perspective view of a portable key installation system depicted in 
5 Figure 1; 

Figure 3 is a chart showing a method for installing a security key in an 
electronic terminal using a portable device; 

Figure 4 is a chart showing a method for installing securitv keys in a jjlurality 
of electronic terminals using the portable device: 
10 Figures [4A] 5A and [5 A] 5B are a diagrammatic depictions of an electronic 

terminal in accordance with a second embodiment of the present invention; 

Figure [5] 6 is a diagrammatic depiction of an electronic terminal in accordance 
with a third embodiment of the present invention; and 

Figiire [6] 7 is a diagrammatic depiction of an electronic terminal in accordance 
15 with a fourth embodiment of the present invention. 



Detailed Description 
Reference will now be made in detail to the present exemplary embodiments of 
the invention, examples of which are illustrated in the accompanying drawings. 
Wherever possible, the same reference numbers will be used throughout the drawings 

20 to refer to the same or like parts. An exemplary embodiment of the portable key 
installation system of the present invention is shown in Figure 1, and is designated 
generally throughout by reference numeral 10. 

In accordance with the invention, the present invention for a portable key 
installation system includes a portable keying device for installing a data 

25 communications encryption key in an electronic terminal. The electronic terminal 
including a secure encryption key memoty location for storing the at least one data 
communications encryption key. The portable keying device includes a memory for 
storing the at least one data communications encryption key. A processor that is 
operative to generate a secure installation message, the secure installation message 

30 including the at least one data communications encryption key. A communications unit 
is coupled to the processor. The communications unit is operative to transmit the 
installation message in a predetermined fonnat to the electronic terminal. 
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Thus, the piesent invention provides a system and method for securely reprogramming the security 
information in an electronic terminal without having to ship the electronic terminal off- 
site. The present invention provides a system and method for securely reprogramming 
the security information in an electronic terminal without having to remove the 
electronic terminal from its shipping container, dismantle the terminal, de-activate the 
anti-tampering features, reload the security information, and re-bond the terminal. 

As embodied herein, and depicted in Figure 1 a diagrammatic depiction of a 
portable key installation system in accordance with one embodiment of the present 
invention is disclosed. System 10 includes portable keying device 100 and electronic 
terminal 200. 

Portable keying device 100 includes I/O circuit 12, processor 14, RAM 16, 
EROM 18, key memory 20 and RF controller 22 coupled by way of system bus 28. RF 
controller 22 is connected to RF transceiver 24. RF transceiver 24 is connected to 
antenna 26. In one embodiment, I/O circuit 12 is coupled to a kej'pad which is used to 
input the encryption key. [In another embodiment, I/O circuit 12 is coupled to a 
connector that mates with an external device. The encryption key is downloaded from 
the external device into key memory 20 via I/O circuit 12.] In yet another embodiment, 
an initial key download is performed via the keypad or the external device. 
Subsequently, processor 14 uses the initial key to generate encryption keys for a 
plurality of devices by running a secure key generation algorithm. 

It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to processor 14 of the present invention 
depending on cost and programming considerations. For example, in one embodiment 
processor 14 is imp'^mented using an 8-bit "programmable system-on-a-chip" device, 
of the type manufactured by Cypress Semiconductor. Cne of ordinary skill in the art 
will recognize that 16-bit and 32-bit devices can also be used, in addition to other 8-bit 
devices. 

It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to EROM 18 and key memory 20 of the 
present invention depending on cost, security, and re-programmability considerations. 
In one embodiment key memory 20 is actiially a memory location within EROM 18. 
For example, in the 8-bit micro-controiler embodiment, EROM 18 and key memory 20 
are implemsnted using 32kbytes of embedded ROM. E.am 16 is implemented using 
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1 kbyte of en.bedded RAM. In another embodiment, key memory 20 io implemented 
using a separate memory device. In general key memory 20 is implemented using non- 
volatile memory such as [E2PR0M] E^PROM . Flash EPROM, battery-backed RAM, 
or Ferro RAM (FRAM). Re-programmability is an issue in the keying device because 
the device is re-usable to reprogram any number of terminals 200. 

It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to RF controller 216, RF transceiver 218, and 
antenna 220 of the present invention dc^^ending on cost and implementation 
considerations. For example, in Figare 1 and Figure 2, a lew power/close proximity 
RF system is depicted. In this embodiment, transceiver 24 outputs approximately 1 
milli-Watt and has an effective range of about 1 meter of less. In another embodiment, 
the RF components are replaced altogether by an infrared optical communications 
system. In yet another embodiment, the RF components are replaced by an audio 
communications system that employs DTMF technology. 

Referring back to Figure 1, any type of electronic terminal 200 can be 
employed in system 10 of the present invention. In one embodiment, electronic 
terminal 200 is a simple haid-wired terminal. In other embodiments, terminal 200 is a 
keypad, signature pad, card reader, bar code reader, or a POS retail transaction 
terminal. In yet another embodiment, electronic terminal 200 is a stand-alone unit. In 
an alternate embodiment, electronic terminal 200 is networked to a LAN. In the 
example depicted in Figure 1, electronic terminal 200 includes I/O circuit 202, 
processor 204, RAM 206, EROM 208, key memory 214 and RF controlier 216 coupled 
by way of system bus 222. In this example, terminal 200 includes imaging assembly 
208 for image scanning purposes. Image assembly 208 is controlled by processor 204. 
imaging data generated by image assembly 208 is written into RAM 206 by v/ay of 
DMA channel 210. RF controller 216 is connected to RF transceiver 218. RF 
transceiver 218 is cormected to antenna 220. 

In another embodiment, processor 204 includes a general purpose processor and 
an additional processor to handle secure information including the encryption key. In 
this embodim.ent, the additional processor is programmed to handle I/O functions 
involving a keypad and display. Key memory 214 is embedded in the security 
processon 

It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to key memory 214 of the present invention 
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It will be apparent to those of ordinary skill in the pertinent art that 
modifications and variations can be made to key memory 214 of the present invention 
depending on cost, security, and re-programmability considerations. In one 
embodiment key memory 214 is actually a memory location within EROM 18. In 
5 another embodiment, key memory 214 is implemented using a separate memory 

device. In general key memory 214 is implemented using non-volatile memory such as 
[E2PROM] E'PROM . Flash EPROM, battery-backed SRAM, or Ferro RAM (FRAM). 
One of the re-programmability considerations relates to the programming voltage 
required by key memory 214. Some memory devices require an additional 

10 programming voltage, over and above the normal system operating voltage, before 
being enabled to reprogram the contents of the memory. 

With respect to the other components of terminal 200 depicted in Figure 1, 
modifications and variations are dependent on the type and complexity of terminal 200. 
Further, the communications components are dependent on the type of communications 

15 components present in portable keying device 100. 

As embodied herein, and depicted in Figure 2, a perspective view of the 
portable key installation system depicted in Figure 1 is disclosed. Electronic terminal 
200 includes housing 230, which accommodates keypad 232, display 234, card reader 
236, cable 238 and antenna 220. As discussed above, terminal 200 can be a stand- 

20 alone terminal or a networked device. Portable !ceyi:>g device 100 includes housing 
102, keypad 120 and liquid crystal display 122. Figure 2 illustrates a secure 
communications protocol that avoids accidental erasure or reprogramming of the 
encryption key stored in key memory 214. In this embcdiment, additional security' is 
provided by keying system 10 by employing RF components that include proximaty 

25 features. The proximity features include power level S, angular directivity [2] 9, and 
polarity P. Of course, the effective range of keying device 10 is a function of the 
power. If, for example, portable keying device 100 is not within 1 meter, and is not 
pointing at antenna 220 (within, e.g., ± [15o] 15° ), and does not emit an RF signal 
having a polarity that is matched to the RF system in terminal 200, the re-programming 

30 attempt will be unsuccessful. 

As embodied herein, and depicted in Figure 3, a chart showing a method for 
installing a security key in an electronic terminal using a portable device is disclosed. 
In step S300, portable device 100 and elect-onic terminal exchange handshaking 
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terminal 200 exchange authentication codes. Subsequently, in step S3 02, portable 
device 100 transmits an authorization code to electronic terminal 200. The transmitted 
authorization code must match the authorization code stored in EROM 212 of terminal 
200. If the authorization codes match, portable device 100 transmits an installation 

5 message in step S3 04. The installation message includes the encryption key to be 

installed. In step S306, terminal 200 retransmits the encryption key to portable device 
100. Portable device 100 validates the key by comparing the key that it received from 
tenninal 200 in step S306 with the key it sent to terminal 200 in step S304. If the two 
keys do not match, portable device 100 performs step S304 over again. As shown in 

10 steps S308 - S3 14, device 100 displays an error message to the user after several 
unsuccessful attempts, indicating that a successfiil transfer of the key could not be 
performed. If the key is validated in step S306, processor 204 writes the encryption 
key into secure key memory 214 in step S3 16. 

In an alternate embodiment, step S306 includes additional steps. Portable 

15 device 100 transmits a test encryption key that it believes is currently being stored in 
key memory 214. If the test encryption key matches the current encryption key, 
terminal 200 transmits an aclcnowledgment signal. If the keys do not match, the 
installation procedure is aborted. Upon receiving the acknowledgment signal, portable 
device 100 transmits the new encryption key to terminal 200. If the new key is 

20 validated in step S306, processor 204 writes the encryption key into secure key 
memory 214, and the procedure is complete. 

As embodied herein and depicted in Figure 4. a chart showing a method for 
installing security kevs in a plurality of electronic terminals is disclosed. As shown in 
step S400. an initial kev is downloaded into memorv 16 of portable keying device 100. 

25 This step can be performed using kevpad 120. or performed electronicallv using an 
external computer, or some other such device. Processor 14 uses the initial kev to 
generate encryption keys for a plurality of devices bv running a secure key generation 
algorithm. In step S402. the algorithm is used to generate one encryption kev. In step 
S 404. the method depicted in Figure 3 is employed to install the encryption kev in th e 

30 first terminal. If there are additional terminals to be programmed, steps S402 - S406 
are repeated until encryption kevs are installed in all of the terminals 200. 

As embodied herein, and depicted in Figure [4A] 5A, a diagrammatic depiction 
of electronic terminal 200 in accordance with a second embodiment of the present 
invention is disclosed. In this embodiment, key memory 214 requires an external 
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programming voltage. As described above, terminal 200 includes processor 204, key 
memory 2 1 4, transceiver 2 1 8 and antenna 220. In this example it is assumed thai: 
terminal 200 is boxed in a shipping container of some sort. Thus, terminal 200 is not 
connected to any external power supply. However, terminal 200 includes diode 240, 
5 normal operating voltage supply 250 and programming voltage supply 260. Normal 
operating voltage supply 250 includes capacitor 252, capacitor 254, and voltage 
regulator 256. Programming operating voltage supply 260 includes capacitor 262, 
capacitor 264, and voltage regulator 266. When portable device 100 transmits an RF 
signal to terminal 200, diode 240 rectifies the AC-RF signal and prevent any return 
10 signal from damaging the RF components. The resultant DC signal is used to charge 
up capacitors 252, 254, 262 and 264. Voltage regulator 256 ensures that the power 
supplied to terminal 200 is within system operating parameters. Voltage regulator 266 
ensures that memory 214 receives an acceptable programming voltage. In response to 
the normal operating voltage supplied by supply 250, terminal 200 is energized and 
15 ready for key installation. At the proper time, e.g. during step S308 (See Figure 3), 
processor 204 activates switch 262 and supply 260 provides memory 214 with the 
programming voltage required to store the new encr3^tion key therein. Figure 5B is an 
alternative embodiment of Figure [4A] 5A- Iri the alternative embodiment, switch 262 
is comiected to the output of normal operating voltage supply 250 instead of being 
20 connected to the input of key memory 214 as in Figure [4 A] 5A- Functionally, there is 
very little difference betvveen the two alternative embodiments. 

As embodied herein, and depicted in Figure [5] 6, a diagrammatic depiction of 
an electronic terminal in accordance with a third embodiment of the present invention 
is disclosed. In this embodiment, battery 242 is included within terminal 200 to 
25 provide a normal operating voltage. Diode 240 is included to rectify the RF signal anc 
prevent any return signals from damaging the RF components. Programming operating 
voltage supply 250 is included to provide programming voltage to key memory 214. 
Programming operating voltage supply 250 includes capacitor 254, capacitor 256, and 
voltage regulator 258. When portable device 100 transmits an RF signal to terminal 
30 200, diode 240 rectifies the AC-RF signal. The resultant DC signal is used to charge 
up capacitors 254 and 256. Again, at the proper time, e.g. during step S308 (See 
Figure 3), processor 204 activates switch 252 and supply 250 provides memory 214 
with the programm.ing voltage required to store the new encryption key therein. 
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As embodied herein, and depicted in Figure [6] 7, a diagrammatic depicdon of 
an electronic terminal in accordance with a fourth embodiment of the present invention 
is disclosed. In this embodiment, the required programming voltage is supplied 
internally. Battery 240 is included within terminal 200 to provide both the normal 

5 operating voltage and the programming voltage. In this embodiment battery 240 is 
coupled to programming voltage supply 250. Programming voltage supply 250 is 
identical to those depicted in Figure [4 A] 5A, Figure [4B] 5B and Figure [5] 6. Since 
battery 240 supplies DC voltage to capacitors 254 and 256, no rectifying diode is 
needed. Yet again, at the proper time, e.g. during step S308 (See Figure 3), processor 

10 204 activates switch 252 and programming supply 250 provides memory 214 with the 
programming voltage required to store the new encryption key therein. 

It will be apparent to those skilled in the art that various modifications and 
variations can be made to the present invention without departing from the spirit and 
scope of the invention. Thus, it is intended that the present invention cover the 

15 modifications and variations of this invention provided they come within the scope of 
the appended claims and their equivalents. 



